Counting is useless, but reading the CVE contents is a good way to get a quick overview of security history. https://twitter.com/SwiftOnSecurity/status/683430174151458816
@dyn___ @SwiftOnSecurity Actually the presence of lots of low-impact CVEs is a good sign that a project does well on security.
@dyn___ @SwiftOnSecurity It means lots of eyes are looking but little serious was found, and shows if project is responding to security bugs
@RichFelker @SwiftOnSecurity if the CVEs are indeed patched, and hopefully code-wide vs spot fix. 10+ int overflows isn't a good sign...
@RichFelker @SwiftOnSecurity yes more hints but still hard to have facts on feature coverage/depth, auditor "skillz", black vs whitebox, etc